package jdbc;
/**
 * 用户登录功能
 * 程序启动后要求用户输入用户名和密码。
 * 然后比对userinfo表中是否存在该用户，如果匹配则提示登录成功
 * 否则提示:用户名或密码不正确
 * 登录逻辑:只有用户名密码都正确才算登录成功
 */
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginDemo {
    public static void main(String[] args) {
        UserInfo userInfo = InputUtil.getInputObject(new UserInfo(),"欢迎登录","登录");
        try (
                Connection connection = DBUtil.getConnection();
                ){
            Statement statement = connection.createStatement();
            String sql = "SELECT id,username,password,nickname,age " +
                    "FROM userinfo " +
                    "WHERE username='"+userInfo.getUsername()+"'AND password='"+userInfo.getPassword()+"'";   //a' OR '1'='1
            ResultSet rs = statement.executeQuery(sql);
            if (rs.next()){
                System.out.println("登录成功，欢迎你:"+rs.getString("nickname"));
            }else {
                System.out.println("登录失败，用户名或密码不正确");
            }
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }

    }
}
